diff options
author | wolfbeast <mcwerewolf@gmail.com> | 2018-08-14 07:52:35 +0200 |
---|---|---|
committer | wolfbeast <mcwerewolf@gmail.com> | 2018-08-14 16:42:52 +0200 |
commit | ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9 (patch) | |
tree | 5e4677e52b9a349602f04135a44b3000c8baa97b /security/nss/lib/ssl/ssl3gthr.c | |
parent | f44e99950fc25d16a3cdaffe26dadf7b58a9d38c (diff) | |
download | UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.gz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.lz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.tar.xz UXP-ab1060037931158d3a8bf4c8f9f6cb4dbfe916e9.zip |
Update NSS to 3.38
- Added HACL*Poly1305 32-bit (INRIA/Microsoft)
- Updated to final TLS 1.3 draft version (28)
- Removed TLS 1.3 prerelease draft limit check
- Removed NPN code
- Enabled dev/urandom-only RNG on Linux with NSS_SEED_ONLY_DEV_URANDOM for non-standard environments
- Fixed several bugs with TLS 1.3 negotiation
- Updated internal certificate store
- Added support for the TLS Record Size Limit Extension.
- Fixed CVE-2018-0495
- Various security fixes in the ASN.1 code.
Diffstat (limited to 'security/nss/lib/ssl/ssl3gthr.c')
-rw-r--r-- | security/nss/lib/ssl/ssl3gthr.c | 109 |
1 files changed, 62 insertions, 47 deletions
diff --git a/security/nss/lib/ssl/ssl3gthr.c b/security/nss/lib/ssl/ssl3gthr.c index 8b323bb05..5ea7cc249 100644 --- a/security/nss/lib/ssl/ssl3gthr.c +++ b/security/nss/lib/ssl/ssl3gthr.c @@ -158,6 +158,7 @@ ssl3_GatherData(sslSocket *ss, sslGather *gs, int flags, ssl2Gather *ssl2gs) * the length of the following encrypted data, and then * read in the rest of the record into gs->inbuf. */ gs->remainder = (gs->hdr[3] << 8) | gs->hdr[4]; + gs->hdrLen = SSL3_RECORD_HEADER_LENGTH; } else { /* Probably an SSLv2 record header. No need to handle any * security escapes (gs->hdr[0] & 0x40) as we wouldn't get @@ -264,8 +265,9 @@ static int dtls_GatherData(sslSocket *ss, sslGather *gs, int flags) { int nb; - int err; - int rv = 1; + PRUint8 contentType; + unsigned int headerLen; + SECStatus rv; SSL_TRC(30, ("dtls_GatherData")); @@ -285,81 +287,97 @@ dtls_GatherData(sslSocket *ss, sslGather *gs, int flags) ** to 13 (the size of the record header). */ if (gs->dtlsPacket.space < MAX_FRAGMENT_LENGTH + 2048 + 13) { - err = sslBuffer_Grow(&gs->dtlsPacket, - MAX_FRAGMENT_LENGTH + 2048 + 13); - if (err) { /* realloc has set error code to no mem. */ - return err; + rv = sslBuffer_Grow(&gs->dtlsPacket, + MAX_FRAGMENT_LENGTH + 2048 + 13); + if (rv != SECSuccess) { + return -1; /* Code already set. */ } } /* recv() needs to read a full datagram at a time */ nb = ssl_DefRecv(ss, gs->dtlsPacket.buf, gs->dtlsPacket.space, flags); - if (nb > 0) { PRINT_BUF(60, (ss, "raw gather data:", gs->dtlsPacket.buf, nb)); } else if (nb == 0) { /* EOF */ SSL_TRC(30, ("%d: SSL3[%d]: EOF", SSL_GETPID(), ss->fd)); - rv = 0; - return rv; + return 0; } else /* if (nb < 0) */ { SSL_DBG(("%d: SSL3[%d]: recv error %d", SSL_GETPID(), ss->fd, PR_GetError())); - rv = SECFailure; - return rv; + return -1; } gs->dtlsPacket.len = nb; } + contentType = gs->dtlsPacket.buf[gs->dtlsPacketOffset]; + if (dtls_IsLongHeader(ss->version, contentType)) { + headerLen = 13; + } else if (contentType == content_application_data) { + headerLen = 7; + } else if ((contentType & 0xe0) == 0x20) { + headerLen = 2; + } else { + SSL_DBG(("%d: SSL3[%d]: invalid first octet (%d) for DTLS", + SSL_GETPID(), ss->fd, contentType)); + PORT_SetError(SSL_ERROR_RX_UNKNOWN_RECORD_TYPE); + gs->dtlsPacketOffset = 0; + gs->dtlsPacket.len = 0; + return -1; + } + /* At this point we should have >=1 complete records lined up in * dtlsPacket. Read off the header. */ - if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < 13) { + if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < headerLen) { SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet " "too short to contain header", SSL_GETPID(), ss->fd)); - PR_SetError(PR_WOULD_BLOCK_ERROR, 0); + PORT_SetError(PR_WOULD_BLOCK_ERROR); gs->dtlsPacketOffset = 0; gs->dtlsPacket.len = 0; - rv = SECFailure; - return rv; + return -1; } - memcpy(gs->hdr, gs->dtlsPacket.buf + gs->dtlsPacketOffset, 13); - gs->dtlsPacketOffset += 13; + memcpy(gs->hdr, SSL_BUFFER_BASE(&gs->dtlsPacket) + gs->dtlsPacketOffset, + headerLen); + gs->hdrLen = headerLen; + gs->dtlsPacketOffset += headerLen; /* Have received SSL3 record header in gs->hdr. */ - gs->remainder = (gs->hdr[11] << 8) | gs->hdr[12]; + if (headerLen == 13) { + gs->remainder = (gs->hdr[11] << 8) | gs->hdr[12]; + } else if (headerLen == 7) { + gs->remainder = (gs->hdr[5] << 8) | gs->hdr[6]; + } else { + PORT_Assert(headerLen == 2); + gs->remainder = gs->dtlsPacket.len - gs->dtlsPacketOffset; + } if ((gs->dtlsPacket.len - gs->dtlsPacketOffset) < gs->remainder) { SSL_DBG(("%d: SSL3[%d]: rest of DTLS packet too short " "to contain rest of body", SSL_GETPID(), ss->fd)); - PR_SetError(PR_WOULD_BLOCK_ERROR, 0); + PORT_SetError(PR_WOULD_BLOCK_ERROR); gs->dtlsPacketOffset = 0; gs->dtlsPacket.len = 0; - rv = SECFailure; - return rv; + return -1; } /* OK, we have at least one complete packet, copy into inbuf */ - if (gs->remainder > gs->inbuf.space) { - err = sslBuffer_Grow(&gs->inbuf, gs->remainder); - if (err) { /* realloc has set error code to no mem. */ - return err; - } + gs->inbuf.len = 0; + rv = sslBuffer_Append(&gs->inbuf, + SSL_BUFFER_BASE(&gs->dtlsPacket) + gs->dtlsPacketOffset, + gs->remainder); + if (rv != SECSuccess) { + return -1; /* code already set. */ } - - SSL_TRC(20, ("%d: SSL3[%d]: dtls gathered record type=%d len=%d", - SSL_GETPID(), ss->fd, gs->hdr[0], gs->inbuf.len)); - - memcpy(gs->inbuf.buf, gs->dtlsPacket.buf + gs->dtlsPacketOffset, - gs->remainder); - gs->inbuf.len = gs->remainder; gs->offset = gs->remainder; gs->dtlsPacketOffset += gs->remainder; gs->state = GS_INIT; + SSL_TRC(20, ("%d: SSL3[%d]: dtls gathered record type=%d len=%d", + SSL_GETPID(), ss->fd, contentType, gs->inbuf.len)); return 1; } @@ -442,7 +460,11 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) * We need to process it now before we overwrite it with the next * handshake record. */ - rv = ssl3_HandleRecord(ss, NULL, &ss->gs.buf); + SSL_DBG(("%d: SSL3[%d]: resuming handshake", + SSL_GETPID(), ss->fd)); + PORT_Assert(!IS_DTLS(ss)); + rv = ssl3_HandleNonApplicationData(ss, content_handshake, + 0, 0, &ss->gs.buf); } else { /* State for SSLv2 client hello support. */ ssl2Gather ssl2gs = { PR_FALSE, 0 }; @@ -495,20 +517,14 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) * If it's application data, ss->gs.buf will not be empty upon return. * If it's a change cipher spec, alert, or handshake message, * ss->gs.buf.len will be 0 when ssl3_HandleRecord returns SECSuccess. + * + * cText only needs to be valid for this next function call, so + * it can borrow gs.hdr. */ - cText.type = (SSL3ContentType)ss->gs.hdr[0]; - cText.version = (ss->gs.hdr[1] << 8) | ss->gs.hdr[2]; - - if (IS_DTLS(ss)) { - sslSequenceNumber seq_num; - - /* DTLS sequence number */ - PORT_Memcpy(&seq_num, &ss->gs.hdr[3], sizeof(seq_num)); - cText.seq_num = PR_ntohll(seq_num); - } - + cText.hdr = ss->gs.hdr; + cText.hdrLen = ss->gs.hdrLen; cText.buf = &ss->gs.inbuf; - rv = ssl3_HandleRecord(ss, &cText, &ss->gs.buf); + rv = ssl3_HandleRecord(ss, &cText); } } if (rv < 0) { @@ -520,7 +536,6 @@ ssl3_GatherCompleteHandshake(sslSocket *ss, int flags) * completing any renegotiation handshake we may be doing. */ PORT_Assert(ss->firstHsDone); - PORT_Assert(cText.type == content_application_data); break; } |